Edit Bypassing Ports

Tanner Collin 2021-04-27 01:13:18 +00:00
parent 1a98f7a163
commit 63842070cc


@ -94,11 +94,13 @@ laptop, phone, etc. to protect you from public WiFi, create only a single extra
$ ./easyrsa build-client-full client nopass # optional $ ./easyrsa build-client-full client nopass # optional
``` ```
Leave off `nopass` if you want to password protect the config file when you set Leave off `nopass` if you want to password protect the config file keys when you
up a new client. set up a new client.
Create the server config file `/etc/openvpn/server.conf`: Create the server config file `/etc/openvpn/server.conf`:
<span class="aside">Can't use port 443 here since it'll be forwarded</span>
``` ```
port 1194 port 1194
proto udp proto udp
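Review bot: In the reworded sentence, "password protect the config file keys" is still ambiguous: `nopass` controls whether the client's private key is stored unencrypted, so wording like "Leave off `nopass` if you want the client's private key protected by a passphrase" would be more precise. The new aside about port 443 would also help more if it said where 443 is forwarded to, and since it is a raw `<span>` sitting directly above the code fence, check that it renders as intended.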
@ -144,7 +146,7 @@ ifconfig-push 10.8.0.100 255.255.255.0
Test your config by running: Test your config by running:
``` ```
sudo openvpn --config /etc/openvpn/server.conf $ sudo openvpn --config /etc/openvpn/server.conf
``` ```
If you run `ip addr` in another terminal, you should see an entry like this: If you run `ip addr` in another terminal, you should see an entry like this:
@ -236,7 +238,7 @@ $ sudo ufw disable && sudo ufw enable
Switch to your home server or client machine. Switch to your home server or client machine.
Install openvpn: Install OpenVPN:
``` ```
$ sudo apt update $ sudo apt update
@ -275,8 +277,8 @@ key-direction 1
</tls-auth> </tls-auth>
``` ```
Replace the `[server ...]` lines with the contents of that file on the VPN Replace the `[server ...]` lines with the contents of that file on the __VPN
server, for example: server__, for example:
``` ```
$ sudo cat /etc/openvpn/easy-rsa/pki/ca.crt $ sudo cat /etc/openvpn/easy-rsa/pki/ca.crt
@ -294,6 +296,7 @@ client
dev tun dev tun
proto udp proto udp
remote vpn.example.com 1194 remote vpn.example.com 1194
redirect-gateway def1
resolv-retry infinite resolv-retry infinite
nobind nobind
persist-key persist-key
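Review bot: The added `redirect-gateway def1` line now sits near the top of the client block with no explanation, while the guide uses this template for "your home server or client machine". This directive sends all of the client's traffic through the VPN, so add a sentence or a comment saying so, and state whether the home server should keep it or only the laptop and phone clients.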
@ -303,7 +306,6 @@ cipher AES-256-GCM
auth SHA256 auth SHA256
comp-lzo comp-lzo
key-direction 1 key-direction 1
redirect-gateway def1
<ca> <ca>
[server /etc/openvpn/easy-rsa/pki/ca.crt] [server /etc/openvpn/easy-rsa/pki/ca.crt]
</ca> </ca>
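Review bot: The unchanged `comp-lzo` line just above the removed directive is deprecated in current OpenVPN releases, and compression inside a VPN tunnel is discouraged because of compression-oracle attacks such as VORACLE. Since this block is being edited anyway, consider dropping it from the client and server configs together, because both sides have to agree on the setting.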
@ -323,7 +325,7 @@ The `client.ovpn` file is ready to be imported into your VPN clients.
Test your config by running: Test your config by running:
``` ```
sudo openvpn --config /etc/openvpn/client.conf $ sudo openvpn --config /etc/openvpn/client.conf
``` ```
If you run `ip addr` in another terminal, you should see an entry like this: If you run `ip addr` in another terminal, you should see an entry like this:
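Review bot: The test command reads `/etc/openvpn/client.conf`, but the sentence right before this hunk talks about `client.ovpn`. State how the two files relate, or use one name, so readers test the file they just built. The added `$ ` prompt is a good consistency fix.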
@ -376,5 +378,15 @@ You should now be fine to access your home server from over the internet.
To forward additional ports, just edit the `/etc/ufw/before.rules` file like To forward additional ports, just edit the `/etc/ufw/before.rules` file like
above. above.
You can now point a domain to your virtual server's IP and use that to connect
to your home server. Use a CNAME to make it easy to change later:
```
NAME TYPE VALUE
--------------------------------------------------
vpn.example.com. A 123.123.123.123
myserver.example.com. CNAME vpn.example.com.
```
Finally, make sure any server programs are listening / bound to `10.8.0.100` or Finally, make sure any server programs are listening / bound to `10.8.0.100` or
`0.0.0.0` so that they can get traffic from that interface. `0.0.0.0` so that they can get traffic from that interface.
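Review bot: The A record in the new DNS example uses `123.123.123.123`, which is a routable address; an address from a documentation range such as `203.0.113.10` (RFC 5737) avoids pointing readers at a real host. In the closing sentence, binding to `0.0.0.0` also exposes the service on every other interface of the home server, so recommending `10.8.0.100` first and `0.0.0.0` only when that exposure is intended would be safer.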